<?php
require 'config.php';
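/*
 * User-administration action dispatcher, selected by the `a` query parameter.
 * Uses the mysqli connection $link, which this script expects config.php to provide.
 *
 * All request values are bound through prepared statements and URL-encoded
 * before being written into the inline <script> redirects, so they can no
 * longer alter the SQL text or break out of the JavaScript string.
 *
 * NOTE(review): the `auth` and `uname` cookies are client-supplied, so the
 * role checks below only compare a value the browser chose to send. Real
 * authorization needs server-side session state from the login code, which
 * is not visible in this file.
 * NOTE(review): the status toggles and `del` change data on GET requests and
 * perform no role check here (unless config.php enforces one); they should
 * move to POST with a CSRF token once a session is available.
 */

// Read a request value as a string; missing keys and array-valued
// parameters (e.g. ?id[]=1) both become ''.
$param = function (array $source, $key) {
    return isset($source[$key]) && is_string($source[$key]) ? $source[$key] : '';
};

// Run a parameterised write and return the affected-row count, or -1 on any
// failure (this keeps the "-1 means error" convention of mysqli_affected_rows).
$exec = function ($sql, $types, array $params) use ($link) {
    try {
        $stmt = mysqli_prepare($link, $sql);
        if ($stmt === false) {
            return -1;
        }
        mysqli_stmt_bind_param($stmt, $types, ...$params);
        $affected = mysqli_stmt_execute($stmt) ? mysqli_stmt_affected_rows($stmt) : -1;
        mysqli_stmt_close($stmt);
        return $affected;
    } catch (mysqli_sql_exception $e) {
        // mysqli can be configured to throw instead of returning false
        // (e.g. on a duplicate key); report that as a failed write.
        return -1;
    }
};

$action = $param($_GET, 'a');

switch ($action) {
    case 'jin':
    case 'kai':
    case 'fen_jin':
    case 'fen_kai':
        // 'jin' disables (status 0) and 'kai' enables (status 1); the 'fen_'
        // variants additionally carry the search term back to the list page.
        // The original 'fen_jin' case had no break, so a disable that changed
        // no row fell through into 'fen_kai' and re-enabled the account.
        $enable = in_array($action, ['kai', 'fen_kai'], true);
        $status = $enable ? 1 : 0;
        $message = $enable ? '开启成功' : '禁用成功';

        // rawurlencode() leaves only characters that are safe inside both the
        // URL and the single-quoted JavaScript string.
        $target = 'vip.php?p=' . rawurlencode($param($_GET, 'p'));
        if ($action === 'fen_jin' || $action === 'fen_kai') {
            $target .= '&search=' . rawurlencode($param($_GET, 'search'));
        }

        // assumes user.id is an integer key (the original compared it unquoted) — confirm
        $id = filter_var($param($_GET, 'id'), FILTER_VALIDATE_INT);
        if ($id !== false && $exec('update user set status = ? where id = ?', 'ii', [$status, $id]) > 0) {
            echo "<script>alert('{$message}');window.location.href='{$target}';</script>";
            die;
        }
        break;

    case 'exit':
        // Record the logout time, then expire both cookies.
        // NOTE(review): the cookies are cleared only when the update changed
        // a row, so an unknown user name leaves them in place.
        $time = date('Y-m-d H:i:s');
        $uname = $param($_COOKIE, 'uname');
        if ($exec('update user set lastlogin = ? where userName = ?', 'ss', [$time, $uname]) > 0) {
            setcookie('uname', '', time() - 1, '/');
            setcookie('auth', '', time() - 1, '/');
            echo "<script>alert('退出成功');window.location.href='../index.php';</script>";
            die;
        }
        break;

    case 'add':
    case 'add_list':
        // Both actions insert a user; only 'add' navigates after the alert.
        $navigates = $action === 'add';
        $toList = $navigates ? " window.location.href='vip.php';" : '';
        $toForm = $navigates ? "window.location.href='add.php';" : '';

        $uname = $param($_POST, 'uname');
        $pwd = $param($_POST, 'pwd');
        $level = $param($_POST, 'auth') === '会员' ? '1' : '0';

        if ($param($_COOKIE, 'auth') !== '超级管理员') {
            // No die here, matching the original: control falls out of the switch.
            echo "<script>alert('你的权限不够');{$toForm}</script>";
            break;
        }
        if (empty($uname) || empty($pwd)) {
            echo "<script>alert('内容不能为空');{$toForm}</script>";
            die;
        }

        // NOTE(review): the password is stored exactly as submitted. Moving to
        // password_hash()/password_verify() needs a matching change in the
        // login code, which is outside this file.
        $inserted = $exec("insert into user values(null,?,?,?,1,'','')", 'sss', [$uname, $pwd, $level]);
        if ($inserted > 0) {
            echo "<script>alert('添加成功');{$toList}</script>";
        } else {
            // Any failed insert is reported as a duplicate user name, as before.
            echo "<script>alert('用户名重复');{$toForm}</script>";
        }
        die;

    case 'del':
        $id = filter_var($param($_GET, 'id'), FILTER_VALIDATE_INT);
        if ($id !== false && $exec('delete from user where id = ?', 'i', [$id]) > 0) {
            echo "<script>alert('删除成功');window.location.href='vip.php';</script>";
            die;
        }
        break;

    case 'edit':
        $pwd = $param($_POST, 'pwd');
        if (empty($pwd)) {
            echo "<script>alert('内容不能为空');window.location.href='user.php';</script>";
            die;
        }
        // NOTE(review): this only rejects the '管理员' role; a request with no
        // `auth` cookie at all is allowed to change any user's password.
        if ($param($_COOKIE, 'auth') === '管理员') {
            echo "<script>alert('权限不够');window.location.href='user.php';</script>";
            die;
        }

        $id = filter_var($param($_POST, 'id'), FILTER_VALIDATE_INT);
        // NOTE(review): plaintext password storage, see the note on 'add'.
        $changed = $id !== false
            && $exec('update user set password = ? where id = ?', 'si', [$pwd, $id]) > 0;
        if ($changed) {
            echo "<script>alert('修改成功');window.location.href='user.php';</script>";
        } else {
            echo "<script>alert('修改失败');window.location.href='user.php';</script>";
        }
        die;

    case 'search':
        $name = $param($_POST, 'name');
        if (empty($name)) {
            echo "<script>window.location.href='vip.php?search='</script>";
            die;
        }

        // Existence check only: the original fetched one row and tested it.
        // '%' and '_' typed by the user still act as LIKE wildcards, as before.
        $found = false;
        try {
            $stmt = mysqli_prepare($link, 'select 1 from user where userName like ? limit 1');
            if ($stmt !== false) {
                $pattern = "%{$name}%";
                mysqli_stmt_bind_param($stmt, 's', $pattern);
                if (mysqli_stmt_execute($stmt)) {
                    mysqli_stmt_store_result($stmt);
                    $found = mysqli_stmt_num_rows($stmt) > 0;
                }
                mysqli_stmt_close($stmt);
            }
        } catch (mysqli_sql_exception $e) {
            $found = false;
        }

        if ($found) {
            $encoded = rawurlencode($name);
            echo "<script>window.location.href='vip.php?search={$encoded}'</script>";
        } else {
            echo "<script>alert('用户不存在');window.location.href='vip.php?search=';</script>";
        }
        die;

    default:
        echo "<script>alert('什么鬼');window.location.href='index.php';</script>";
        die;
}

// Reached only by the branches that produced no terminating response.
mysqli_close($link);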

